|

A new lock screen vulnerability has been found for Android users who have the Viber app installed. Viber allows users from every major mobile platform to make free calls, texts, and share photos for free but it's the Android version that's causing issues.

The folks over at Bkav Internet Security found a way to bypass the Android lock screen by simply sending two messages to a victim's handset. The exploit takes advantage of Viber's pop up messages, which wakes the screen of the victim's phone. A message alert will pop up where the attacker can bring up the keyboard for a brief second. The final part of the exploit requires an attacker to send a second message and hit the "Back" key on the device, which unlocks the device, allowing full access to the phone's contents.

Viber is aware of the issue and plans to issue an update over the next week. In the mean time, Viber recommends users disable Pop-up notifications if they want to protect themselves from this exploit.

While this vulnerability is unfortunate, it's unlikely that your phone will be compromised since it requires an attacker to have physical access to your phone AND have you as a Viber friend.

Check out the video below to check out the exploit in action.

Source: Ars Technica

Commented

  • Viber |
    25/04/13
    Viber

    Hi, This is a member of the Viber Team.

    We are researching this issue at the moment and we will release an update very soon. We care a lot about our users' security, and so we see this as a first priority task.

    Meanwhile, until we release the fixed version and as a temporary workaround, it is possible to disable the auto-unlocking of the screen through Viber's settings. This will eliminate the security glitch completely.

    Stay tuned for the upcoming update :)

    Viber Team

  • Viber |
    26/04/13
    Viber

    Hi again,

    As promised, we've released a fixed version for this problem. It can be found and downloaded here: http://download.viber.com/viber.apk We will make sure that such glitches do not reoccur :)

    For any other questions/concerns, please don't hesitate to contact us.

    the Viber Team.

  • lewis.leong |
    26/04/13
    lewis.leong

    Thanks for the update, Viber!

    We have an updated post about the fix here: http://onsoftware.en.softonic.com/viber-quickly-patches-android-app-fixes-lock-screen-vulnerability

  • Lewis Leong |
    26/04/13
    Lewis Leong

    Thanks for the update, Viber Team!

    We have an updated post about the fix here: http://onsoftware.en.softonic.com/viber-quickly-patches-android-app-fixes-lock-screen-vulnerability

15/09/14
Your avatar